AI Data Security & Privacy Engineer

About The Position

Requirements

• 5+ years of hands-on experience in information security, privacy engineering, or related roles.
• Strong understanding of global data protection laws and regulations (e.g., GDPR, CCPA) and their technical implications.
• Proven experience in incident response, data protection engineering, and risk assessments.
• Familiarity with data classification, mapping, and governance methodologies.
• Experience with at least one software data classification technology, such as a DSPM.
• Experience with DLP technologies and implementing privacy workflows and automation.
• Familiarity with workflow automation tools and ticketing systems (e.g., Jira, ServiceNow).
• Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams.

Nice To Haves

• Experience in using third-party privacy automation tooling is a plus.
• Industry certifications (e.g., CISSP, CISA, CISM) are a plus.

Responsibilities

• Data Discovery, Classification, and Mapping
• Design and implement data classification and handling frameworks to provide appropriate protection throughout the data lifecycle.
• Build and maintain comprehensive data inventories and data flow maps, identifying where data resides and how it is processed across systems.
• Collaborate with Engineering teams to apply appropriate controls at every point in the data pipeline.
• Understand the need for encryption, implement it where possible, and implement all appropriate safeguards to ensure keys are both kept secure and available to prevent data exfiltration and loss.
• Privacy by Design and Technical Enablement
• Partner with Engineering, Legal, Product, IT, and other cross-functional stakeholders to design and embed privacy and data protection principles across the entire organization, from product development to operations.
• Partner with Stakeholders to translate legal and regulatory obligations into actionable technical requirements, policies, and controls.
• Develop privacy-enhancing capabilities such as data minimisation, anonymisation, and access-control frameworks that scale with our infrastructure.
• Work with AI teams to ensure that architectural designs are reviewed and threat modeled to minimize data privacy risk.
• Risk Assessment, Monitoring, and Compliance Execution
• Conduct technical risk assessments of internal and third-party systems and applications to identify, evaluate, and mitigate privacy and data security risks, including vulnerabilities, misuse, and compliance gaps.
• Contribute to Data Protection Impact Assessments (DPIAs) by assessing the technical and security implications of new processing activities.
• Partner with Legal to transform evolving regulatory frameworks (e.g., SOC2, GDPR, CCPA, NIST, ISO) into secure, scalable engineering solutions that drive compliance and build user trust.
• Incident Response and Breach Management
• Support and coordinate the company’s technical response to data breaches or security incidents, including those impacting personal information (Incidents), enabling timely investigation, effective mitigation, and root-cause analysis.
• Design and implement processes and tooling to detect, investigate, and remediate data security incidents in compliance with applicable laws.
• Privacy Automation and Process Enablement
• Partner with Stakeholders to design and implement automated workflows and tools to streamline privacy operations, including data subject rights requests and data deletion workflows.
• Deploy and manage data loss prevention (DLP) capabilities across endpoints, applications, and infrastructure to prevent unauthorised disclosure of sensitive data.
• Implement continuous auditing, monitoring, and alerting to track compliance posture and surface security and operational privacy risks proactively.
• Cross-Functional Collaboration and Enablement
• Act as a trusted advisor to Stakeholders on the technical implementation of privacy and security controls.
• Provide strategic input on product design decisions and architectural choices to enable alignment with privacy and security best practices.
• Partner with cross-functional teams to develop and execute vendor risk assessments as they relate to data security, establishing processes that address technical, security, and privacy requirements across the entire vendor lifecycle.
• Collaborate with Legal on technical aspects of contractual reviews with enterprise customers, partners, vendors, and other third parties.
• Assist with answering vendor security questionnaires as they relate to Rocket Lawyer’s privacy and data-handling policies.
• Contribute to the development of internal policies, standards, and procedures based on technical best practices.

Benefits

• Comprehensive health plans (including Medical, Dental, and Vision insurance for full-time employees)
• Unlimited PTO
• Competitive salary packages
• Life insurance
• Disability benefits
• Supplemental Optional Life Insurance Benefits
• FSA Options Optional
• HSA with Company Match
• 401k program with Company Match
• Wellhub & ClassPass fitness platforms
• Comprehensive Pet Insurance options
• Financial Wellbeing & Student Loan Program access
• Access to additional Mental Health & Wellbeing resources
• Pre-tax Commuter/Transit Benefits
• Free Rocket Lawyer account with online access to an extensive legal documents library and brilliant licensed attorneys at discounted rates.